openvpn binary
- is used to set up an OpenVPN server and/or to connect as an OpenVPN client
Client
Server
Client Configuration
To use the LAN's DNS server over the tunnel, add the following into the .ovpn client file (the server config below pushes the same option, but a client using route-nopull ignores pushed dhcp-options and has to set it locally):
dhcp-option DNS 192.168.86.1
Example client config
client
dev tun
route-nopull
route 192.168.86.0 255.255.255.0
route 192.168.0.0 255.255.255.0
proto udp
remote 150.221.175.11 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
dhcp-option DNS 192.168.86.1
<ca>
-----BEGIN CERTIFICATE-----
MIIBvjCCAWWgAwIBAgIURdavgTB3CFtignOwD9wxgS2gmMEwCgYIKoZIzj0EAwIw
.....
LINUX
1. On an Ubuntu 16.04 client, add the following directives to the client.ovpn config file:
script-security 2
dhcp-option DNS 192.168.1.1
dhcp-option DOMAIN example.lan
2. Only on the Ubuntu client, you also need the following directives, which run the resolvconf helper on connect/disconnect so the pushed DNS settings are actually applied:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
- script-security 2 is what permits openvpn to execute the up/down scripts, and they run as root; only reference scripts you control (update-resolv-conf ships with the openvpn package on Debian/Ubuntu)
WINDOWS
1. On a Windows 10 client, add the following directives to the client.ovpn config file:
script-security 2
dhcp-option DNS 192.168.1.1
dhcp-option DOMAIN example.lan
No more directives are required on Windows. The latest OpenVPN client versions for Windows do not recognize the DOMAIN-SEARCH option correctly, but work with DOMAIN.
- on Windows, DNS leaks are prevented by the block-outside-dns directive, which the server config below pushes to clients
To route all traffic through the VPN (full tunnel), add the following into the .ovpn client file:
redirect-gateway def1
- def1 adds 0.0.0.0/1 and 128.0.0.0/1 routes instead of replacing 0.0.0.0/0, so the original default gateway is overridden but not wiped out (the server config below pushes the same directive)
To route only selected subnets through the VPN (split tunnel), add the following into the .ovpn client file:
route-nopull
route 192.168.86.0 255.255.255.0
- this routes the addresses 192.168.86.0/24 through the VPN gateway
- any other address goes through the normal default gateway
- route-nopull makes the client ignore routes, redirect-gateway, block-outside-dns and dhcp-options pushed by the server, so the route lines in the client file are the only routes installed
Commands
0. select/locate the *.ovpn client file
1. connect to the OpenVPN server (root is needed to create the tun device and install routes)
sudo openvpn --config <*.ovpn client file>
2. Enter Auth Username: <type username>
Enter Auth Password: <type password>
3. Wait until you see
Initialization Sequence Completed
Server Setup
How to setup OpenVPN
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
Example server config (/etc/openvpn/server.conf, as generated by PiVPN)
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36.crt
key /etc/openvpn/easy-rsa/pki/private/ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.123.79.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.86.1"
#push "dhcp-option DNS 1.1.1.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
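The following is an added example, not code from this page or from the OpenVPN project: a POSIX shell linter that reads a client .ovpn (the directives from the client config and the Ubuntu/Windows steps above) or a server.conf (the server config just above) and reports missing hardening directives, hooks that would run as root under script-security, and whether the client is a split or full tunnel. The sample configs, the function names (has_directive, need, lint_client, lint_server) and the MISSING/WARN/INFO finding format are constructed for this example.

```shell
#!/bin/sh
# Added example (not from this page or the OpenVPN project): lint a client .ovpn
# or a server.conf for the hardening directives used above and flag risky ones.
# Sample configs and function names are constructed for illustration.

# Constructed client config, modelled on the page's example (certificate blocks omitted).
CLIENT_CFG='client
dev tun
route-nopull
route 192.168.86.0 255.255.255.0
remote 150.221.175.11 1194
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ubuntu-server-vpn_09846c25-9359-4cd6-83d2-3c102898ea36 name
cipher AES-256-CBC
auth SHA256
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
dhcp-option DNS 192.168.86.1'

# Constructed weak client config: no server-cert checks, old TLS allowed, arbitrary hook.
WEAK_CLIENT_CFG='client
dev tun
remote 150.221.175.11 1194
redirect-gateway def1
script-security 3
up /tmp/hook.sh'

# Constructed server config, reduced to the security-relevant lines of the one above.
SERVER_CFG='dev tun
server 10.123.79.0 255.255.255.0
push "redirect-gateway def1"
client-to-client
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
user openvpn
group openvpn
crl-verify /etc/openvpn/crl.pem
#duplicate-cn'

# has_directive CONFIG NAME [VALUE]: true if an uncommented line reads "NAME" or "NAME VALUE ...".
has_directive() {
    if [ -n "${3:-}" ]; then
        pat="^[[:space:]]*$2[[:space:]]+$3([[:space:]]|\$)"
    else
        pat="^[[:space:]]*$2([[:space:]]|\$)"
    fi
    printf '%s\n' "$1" | grep -Eq "$pat"
}

# need CONFIG NAME [VALUE]: print a MISSING finding when the directive is absent.
need() {
    has_directive "$1" "$2" "${3:-}" || printf 'MISSING: %s\n' "$2${3:+ $3}"
}

# lint_client CONFIG: one finding per line for a client .ovpn.
lint_client() {
    cfg=$1
    need "$cfg" remote-cert-tls server   # reject a peer that presents a client certificate
    need "$cfg" tls-version-min 1.2
    need "$cfg" verify-x509-name         # pin the expected server certificate name
    need "$cfg" auth-nocache             # do not keep the password cached in memory
    # script-security 2+ lets openvpn run the up/down hooks as root: show what would run.
    if has_directive "$cfg" script-security; then
        printf '%s\n' "$cfg" | grep -E '^[[:space:]]*(up|down) ' | sort -u |
            while read -r hook path; do echo "WARN: $hook script $path runs as root"; done
    fi
    # route-nopull ignores pushed routes (split tunnel); redirect-gateway sends everything.
    if has_directive "$cfg" route-nopull; then
        printf '%s\n' "$cfg" | awk '$1=="route"{print "INFO: split tunnel, via VPN: " $2 "/" $3}'
    elif has_directive "$cfg" redirect-gateway; then
        echo "INFO: full tunnel, all traffic via VPN"
    fi
    return 0
}

# lint_server CONFIG: one finding per line for a server.conf.
lint_server() {
    cfg=$1
    need "$cfg" remote-cert-tls client
    need "$cfg" tls-version-min 1.2
    need "$cfg" crl-verify               # revoked device certificates must be rejected
    need "$cfg" user                     # drop root privileges after startup
    need "$cfg" group
    # tls-crypt (or at least tls-auth) keeps unauthenticated packets away from the TLS stack.
    has_directive "$cfg" tls-crypt || has_directive "$cfg" tls-auth || echo "MISSING: tls-crypt"
    has_directive "$cfg" duplicate-cn && echo "WARN: duplicate-cn shares one cert, weakening revocation"
    has_directive "$cfg" client-to-client && echo "WARN: client-to-client lets VPN clients reach each other"
    return 0
}

# Usage on real files: lint_client "$(cat client.ovpn)"; lint_server "$(cat /etc/openvpn/server.conf)"
lint_client "$WEAK_CLIENT_CFG"
lint_server "$SERVER_CFG"
```

Run against the page's own configs the client produces no MISSING lines, one WARN per up/down hook and a split-tunnel INFO line per route; the server produces only the client-to-client WARN, since duplicate-cn is commented out. The checks are deliberately limited to directives that appear in the configs above; they do not replace reading the OpenVPN manual for the full option set.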
Commands
1. macOS (Homebrew): to have launchd start openvpn now and restart it at startup
sudo brew services start openvpn
sudo brew services restart openvpn
sudo brew services stop openvpn
2. Linux: to have systemd start, stop or restart openvpn now
sudo systemctl start openvpn@server
sudo systemctl stop openvpn@server
sudo systemctl restart openvpn@server
- the name after @ is the instance: openvpn@server runs /etc/openvpn/server.conf
- openvpn@jesus2 would run /etc/openvpn/jesus2.conf
- start only runs it now; to also start it at boot, run sudo systemctl enable openvpn@server
- on newer distributions with OpenVPN 2.4+ packages the unit is openvpn-server@<name> and reads /etc/openvpn/server/<name>.conf
3. get the status of the server
sudo systemctl status openvpn@server